Cyber Bites

A serious vulnerability has been found in the latest version of GNU Privacy Guard (GnuPG)'s free encryption software cryptographic library, Libgcrypt 1.9.0. Libgcrypt is GnuPG's general purpose cryptographic library GnuPG, but a number of other encryption software's also employ it. Libgcrypt 1.9.0 was originally been released last week, on 19th January 2021, and was supposed to be integrated into the latest GnuPG 2.3 release. However, Werner Koch, the author of Libgcrypt and the principal developer...

The Australian government admitted to unintentionally sharing sensitive passenger information with one of the department's consular clients. This data breach occurred on January 24th, in which passenger's full name, gender, date of birth, email address, passport details (number, expiry, issuing country), Australian citizenship status, phone number, current location, and flight booking reference of those booked on the flight had been accidentally copied into an email and sent. The Australian Government Department of Foreign Affairs and...

Apple has announced it will introduce a new privacy control feature in the spring. This new feature, known as App Tracking Transparency will prevent iPhone apps from secretly shadowing users. A general date has not yet been disclosed, but the new feature will likely be a part of an update that is planned to arrive late March or early April. Apple has delayed the introduction of the new update to give Facebook and other app...

Mozilla's 2020 Internet Health Report deals with some key concerns that could potentially threaten the openness, security and accessibility of the Internet. Over the past year, the Internet has been riddled with problems related to "built-in" racial bias, creating a toxic environment in which discrimination and diversification are rampant. Mozilla believes that the Internet landscape "reflects a particular corpus of web content and the context of software developers, managers, and executives of technology companies who...

A new phishing tool kit has been developed by a cybercrime group which allows criminals to change text and logos in real-time on phishing pages in order to adapt to victims. The kit is called LogoKit, and according to it RiskIQ is has already been seen in use online. RiskIQ has said that the toolkit has been identified on over 300 domains in the past week alone, and more than 700 sites in the past...

Grindr, the worlds largest gay, bisexual and trans dating app has been hit with a large fine in Norway following an alleged breach of data privacy. Norway’s Data Protection Authority (NDPA) announced on Tuesday that they are intending to fine Grindr $11.7m due to the app illegally disclosing user data to advertising firms. The dating app is claiming that the allegations relate back to Norweigan regulations from 2018, when Grindr had different policies in place. The...

Research released on Tuesday revealed that a now-patched TikTok security flaw could have exposed millions of the app's users and their associated phone numbers to attackers who could then use that data for malicious activity. The flaw only affected users who have their phone number linked to their accounts or use their phone numbers to log in to their accounts. If this flaw was successfully exploited then any users who have their phone numbers linked...

New research from Seqrite has found that in 2020 there were 13,733 malware threats detected every hour. The report showed that of all threats Trojan malware threats were the leaders quarter-on-quarter (QoQ) and year-on-year (YoY). According to the research out of the 113 million malware detections, the first quarter totalled the highest at 36 million detections. It also showed that in the month of January there were the most malware attacks. Himanshu Dubey, Director, QuickHeal...

Around January 14th, 2021, the retail giant Dairy Farm was attacked by the REvil ransomware operation. The attackers demanded a $30 million ransom. The ransomware group compromised Dairy Farm's network and encrypted devices. Allegedly the attackers had access to information up until 7 days after the attack. Dairy Farm is a massive pan-Asian retail chain operator that operates several grocery, convenience store, health and beauty, home furnishing and restaurant brands in Asian markets. These include...

The new update has been released with security fixes for three vulnerabilities that had affected iPhones and iPads. Apple admitted that the three bugs "may have been actively exploited" by hackers. Apple has refused any further commentary, leaving details of the security vulnerabilities scarce. It is unknown who started the attack and who was targeted, or may have been affected. What is known, is that two of the bugs were found in the WebKit, which...